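<?php
// Admin screen for the `page` table: list, add, edit and delete pages.
// header.php is expected to open the DB connection and provide sql_query(),
// translitURL(), closetags(), parse_date() and the globals $admin, $act,
// $actp and $id (the current user's id) — TODO confirm against header.php.
include ('header.php');

/**
 * Escape a value for HTML text/attribute context.
 *
 * Values read back from the database were only SQL-escaped on the way in,
 * so every one of them must be HTML-escaped on the way out.
 *
 * @param mixed $value
 * @return string
 */
function page_admin_h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

/**
 * Read a digits-only parameter (ids, access level, menu id) from a request array.
 *
 * Returns the raw digit string when present and well-formed (an empty string is
 * accepted, as before), null when the key is absent, and prints the original
 * rejection message and returns null when the value contains non-digits.
 *
 * @param array  $source $_GET or $_POST
 * @param string $key
 * @return string|null
 */
function page_admin_digits(array $source, $key)
{
    if (!isset($source[$key])) {
        return null;
    }
    if (preg_match('/[^0-9]/ui', $source[$key])) {
        echo 'Хакер?=))';
        return null;
    }
    return $source[$key];
}

/**
 * Collect the page fields posted by the add/change form, SQL-escaped.
 *
 * Every returned value is ready to be placed inside a single-quoted SQL literal.
 * 'access' and 'menu' are '' when the field is missing or rejected, which is
 * what the original code ended up sending to MySQL as well.
 *
 * @return array{title:string,address:string,text:string,shorttext:string,access:string,menu:string,type:string}
 */
function page_admin_read_form()
{
    $access = page_admin_digits($_POST, 'access');
    $menu = page_admin_digits($_POST, 'menu');

    return array(
        'title' => mysql_real_escape_string(isset($_POST['title']) ? $_POST['title'] : ''),
        // translitURL() produces the slug; its output rules are not visible here,
        // so its result is SQL-escaped like every other field.
        'address' => mysql_real_escape_string(translitURL(isset($_POST['address']) ? $_POST['address'] : '', 0)),
        'text' => mysql_real_escape_string(isset($_POST['text']) ? $_POST['text'] : ''),
        'shorttext' => mysql_real_escape_string(isset($_POST['shorttext']) ? $_POST['shorttext'] : ''),
        'access' => $access === null ? '' : $access,
        'menu' => $menu === null ? '' : $menu,
        // the "link" checkbox posts value="1" when ticked and is absent otherwise
        'type' => empty($_POST['link']) ? 'dir' : 'link',
    );
}

if ((int) $admin === 1) {
    mysql_query ("CREATE TABLE IF NOT EXISTS `page` (
`id` INT NOT NULL AUTO_INCREMENT ,
`id_author` INT NOT NULL ,
`title` VARCHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL ,
`text` LONGTEXT CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL ,
`shorttext` TEXT CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL , 
`address` VARCHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL ,
`access` INT NOT NULL ,
`menu` INT NOT NULL ,
`type` VARCHAR( 100 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL ,
`date` DATE NOT NULL ,
PRIMARY KEY ( `id` ) 
) ENGINE = MYISAM CHARACTER SET utf8 COLLATE utf8_general_ci;") or die(mysql_error());

    // step 1 = listing, step 2 = add/change form
    $step = ($act == 'add' || $act == 'change') ? 2 : 1;

    // Deletion is accepted from POST only (the delete form below posts), so a
    // plain link or image URL can no longer remove a page. A per-session CSRF
    // token would be the next step — TODO once the session handling in header.php is confirmed.
    if (isset($_POST['del_id'])) {
        $del_id = mysql_real_escape_string($_POST['del_id']);
        sql_query ("DELETE FROM `page` WHERE `id` = '$del_id';") or die(mysql_error());
        echo 'Удалено';
    }

    if ($actp == 'add') {
        $f = page_admin_read_form();
        // $id is taken to be the current user's id from header.php — TODO confirm
        $id_author = (int) $id;
        sql_query ("INSERT INTO `page` VALUES (
NULL , '$id_author', '{$f['title']}', '{$f['text']}', '{$f['shorttext']}', '{$f['address']}', '{$f['access']}', '{$f['menu']}', '{$f['type']}', NOW());") or die(mysql_error());
        echo 'Добавленно';
    }

    if ($actp == 'change') {
        $page_id = page_admin_digits($_POST, 'id');
        // Without a usable id the original issued a syntactically broken UPDATE
        // and died; skipping the update is the safe equivalent.
        if ($page_id !== null && $page_id !== '') {
            $f = page_admin_read_form();
            // the "date" checkbox posts value="yes" when ticked and is absent otherwise
            $date_sql = empty($_POST['date']) ? '' : '`date` = NOW(),';
            sql_query ("UPDATE `page` SET 
" . $date_sql . "
`title` = '{$f['title']}',
`text` = '{$f['text']}',
`shorttext` = '{$f['shorttext']}',
`access` = '{$f['access']}',
`menu` = '{$f['menu']}',
`type` = '{$f['type']}',
`address` = '{$f['address']}' 
WHERE `id` = '$page_id';") or die(mysql_error());
            echo 'Обновленно';
        }
    }

    if ($step == 1) {
        echo '<br /><a href="?act=add"><strong class="big">Добавить статью</strong></a><br /><br />';
        echo '<table width="100%" border="1">
  <tr>
    <th scope="col" style="width:25px">Ид</th>
    <th scope="col">Заголовоок</th>
    <th scope="col">Краткое описание</th>
	<th scope="col" style="width:150px">Категория</th>
	<th scope="col" style="width:100px">Адрес</th>
    <th scope="col" style="width:200px">Доступ</th>
    <th scope="col" style="width:100px">Автор</th>
    <th scope="col" style="width:150px">Дата</th>
	<th scope="col" style="width:50px">Тип</th>
	<th scope="col" style="width:150px">Действия</th>
  </tr>';
        $pagez = sql_query ("SELECT * FROM `page`");
        while ($page = mysql_fetch_array($pagez)) {
            $id_author = (int) $page['id_author'];
            $user = mysql_fetch_array(sql_query ("SELECT * FROM `user` WHERE id='$id_author'"));
            $menu_id = (int) $page['menu'];
            $menu_row = mysql_fetch_array(sql_query ("SELECT * FROM `menu` WHERE id='$menu_id'"));

            // Reset per row: the original kept the previous row's label for unknown values.
            $access_string = '';
            if ($page['access'] == 100) {
                $access_string = 'Для админов (черновик)';
            } elseif ($page['access'] == 1) {
                $access_string = 'Для всех';
            } elseif ($page['access'] == 2) {
                $access_string = 'Для зарегистрированных';
            }

            // shorttext is editor-produced HTML and is rendered as HTML on purpose;
            // closetags() balances tags cut open by the 1000-byte truncation.
            $shorttext = closetags(substr($page['shorttext'], 0, 1000));
            $row_id = (int) $page['id'];

            echo '
  <tr style="vertical-align:top">
 	<form action="page.php" method="post">
    <td><input name="del_id" type="hidden" value="' . $row_id . '" />' . $row_id . '</td>
    <td>' . page_admin_h($page['title']) . '</td>
    <td>' . $shorttext . '…</td>
    <td>' . page_admin_h($menu_row ? $menu_row['title'] : '') . '</td>
    <td>' . page_admin_h($page['address']) . '</td>
    <td>' . $access_string . '</td>
    <td>' . page_admin_h($user ? $user['login'] : '') . '</td>
    <td>' . page_admin_h(parse_date($page['date'])) . '</td>
	<td>' . page_admin_h($page['type']) . '</td>
	<td><strong><a href="?act=change&amp;id=' . $row_id . '">Изменить</a></strong><input type="submit" value="Удалить" />&nbsp;&nbsp;</td>
	</form>
  </tr>
';
        }
        echo '</table>';
        echo '<br /><a href="?act=add"><strong class="big">Добавить статью</strong></a>';
    }

    // Add / edit form
    if ($step == 2) {
        // Empty defaults so the "add" form renders without reading undefined offsets.
        $page = array(
            'title' => '',
            'shorttext' => '',
            'text' => '',
            'access' => '',
            'menu' => '',
            'address' => '',
            'type' => '',
        );
        $page_id = null;
        if ($act == 'change') {
            $page_id = page_admin_digits($_GET, 'id');
            if ($page_id !== null) {
                $row = mysql_fetch_array(sql_query ("SELECT * FROM `page` where id='$page_id'"));
                if ($row) {
                    $page = $row;
                }
            }
        }

        echo "<script>
bkLib.onDomLoaded(function() {
	new nicEditor({fullPanel : true}).panelInstance('text');
	new nicEditor({fullPanel : true}).panelInstance('shorttext');
});
</script>";

        // Textarea/attribute contents are HTML-escaped; the browser decodes the
        // entities, so the editor still receives the stored markup intact.
        $access = (string) $page['access'];
        echo '
	<form action="page.php" method="post">
	<table border="1" style="width:100%">
  <tr>
    <td style="vertical-align:top">	
	Заголовок:<br />
	<input name="title" type="text" style="width:98%" value="' . page_admin_h($page['title']) . '"/><br />
	Краткое писание:<br />
	<textarea name="shorttext" id="shorttext"  style="width:100%;min-height:200px;">' . page_admin_h($page['shorttext']) . '</textarea><br />
	Текст:<br />
	<textarea name="text" id="text"  style="width:100%;min-height:400px;">' . page_admin_h($page['text']) . '</textarea><br />
	</td>
    <td  style="vertical-align:top;width:300px">
	Доступ:<br />
	<select size="1" name="access" style="width:98%">
  <option value="1"' . (($access !== '2' && $access !== '100') ? ' selected ' : '') . '>для всех</option>
  <option value="2"' . ($access === '2' ? ' selected ' : '') . '>для зарегистрированных</option>
  <option value="100"' . ($access === '100' ? ' selected ' : '') . '>для админов (черновик)</option>
	</select><br /><br />
<hr><br />
Пункт меню:<br />';

        $menuz = sql_query ("SELECT * FROM `menu` where type='dir'");
        while ($menu = mysql_fetch_array($menuz)) {
            $menu_id = (int) $menu['id'];
            $checked = ((string) $page['menu'] === (string) $menu['id']) ? ' checked ' : '';
            echo '
  <label>
    <input type="radio" name="menu" value="' . $menu_id . '" id="menu_' . $menu_id . '" ' . $checked . '/>
    <strong>' . page_admin_h($menu['title']) . '</strong></label><br /><small style="margin-left:20px">' . page_admin_h($menu['desc']) . '</small><br />';
        }

        echo '
	<br /><br />
<hr><br />
Адрес страницы:
<br />
<input name="address" type="text" style="width:98%"  value="' . page_admin_h($page['address']) . '"/>
<br />
<label><input name="link" type="checkbox" value="1"' . ($page['type'] == 'link' ? ' checked ' : '') . '/> Cсылка</label><br />
* <small>- файл должен быть в папке /service/</small>
<br />
<br />
<hr><br />';
        if ($act == 'change') {
            echo '<label><input name="date" type="checkbox" value="yes" />Обновить дату публикации</label>';
        }
        echo '</td>
  </tr>
</table>';
        if ($act == 'change') {
            echo '<input name="id" type="hidden" value="' . page_admin_h($page_id) . '" />';
        }
        // The posted "act" field is what header.php presumably exposes as $actp — TODO confirm
        echo '<input name="act" type="hidden" value="' . ($act == 'change' ? 'change' : 'add') . '" />
<input type="submit" value="' . ($act == 'change' ? 'Обновить' : 'Добавить') . '" />
	</form>';
    }

    include ('footer.php');
} else {
    echo 'Недостаточно прав';
}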